Table of Contents
The COVID-19 pandemic has led to a massive surge in remote work, with millions of employees now doing their jobs from home on a regular basis. A recent Gartner survey found that 47% of companies will allow employees to work remotely full-time going forward, and 82% will allow hybrid work arrangements.[^1] With so many people working outside the office, the line between work and personal digital life is blurrier than ever. This leads many remote workers to wonder: can my employer see what websites I browse on my own device and home internet connection?
The short answer is: not without your knowledge and consent in most cases, but there are exceptions. Let‘s dive into the technical details of how employer monitoring works and what it means for your privacy as a remote worker, with a special focus on Macs.
What Employers Can See on Company-Owned Devices
When you are using a computer, phone or tablet provided by your employer, they have the right and ability to monitor everything you do on that device, both on and off the company network. Most corporate-issued devices have monitoring software pre-installed before the employee receives the device.
On Macs, this monitoring software can take the form of a Mobile Device Management (MDM) profile or agent app installed by your company. MDM is a feature built into macOS that allows enterprises to remotely configure and manage employee devices.[^2] Using MDM, your employer‘s IT department can:
- Track your device‘s location
- Install and remove apps remotely
- Enforce security policies like passcode requirements and disk encryption
- Push software updates to your device
- Monitor and log your internet traffic and app usage
- Remotely lock or wipe your device
MDM is a legitimate tool for companies to provision and secure employee devices. But it also gives employers a high degree of access to and control over managed Macs. In a bring-your-own-device (BYOD) scenario, companies must obtain employee consent to install MDM on a personal Mac. But on a corporate-owned Mac, the employer can configure it however they choose.
Monitoring capabilities on company Macs are not limited to MDM. Employers may install additional surveillance software like keyloggers, screenshot capture tools, and even remote viewing tools to monitor employee activity more invasively.[^3] The legality and ethics of such monitoring is questionable, but it does occur in some high-security industries.
According to a recent study by Clutch, 78% of companies deploy employee monitoring software of some kind.[^4] Surveillance is most common in the finance, healthcare and IT sectors. Keystroke logging in particular has seen rising adoption, with 45% of companies now deploying keyloggers to track employee input.
What Employers Can See on the Company Network
Even if you are using a personal device, any internet traffic that passes through your company‘s network is visible to your employer. Most enterprise networks log metadata about every connection, including the source and destination IP addresses, timestamps, data volume, and protocol information. Some companies perform deep packet inspection to analyze the contents of network traffic as well.
When you connect to the office WiFi or VPN (virtual private network) from a personal laptop or phone, your employer gains visibility into your online activity. According to the Pew Research Center, 45% of Americans say their employer blocks access to certain websites on the company network.[^5] Companies can enforce these web filters even on personal devices as long as they are connected to the corporate network.
The legal precedent for employee monitoring on company networks dates back to the Electronic Communications Privacy Act (ECPA) of 1986.[^6] The ECPA gives employers the right to monitor communications on systems they own or pay for. Courts have consistently ruled that employees do not have a reasonable expectation of privacy when using company networks and devices.
Your employer likely has an Acceptable Use Policy (AUP) that outlines their monitoring practices on company networks and devices. It‘s always a good idea to read and understand these policies. Assume that your employer is logging your browsing history on any company-owned system. Avoid non-work related browsing on the corporate network whenever possible.
Your Privacy on Personal Devices and Home Networks
When using your own computer and home WiFi network, your employer generally cannot monitor your internet activity without your knowledge or consent. Your home network traffic does not pass through any company systems, so there is no easy way for your employer to track what websites you visit.
However, there are still potential exceptions and loopholes to be aware of:
-
If you access company web apps and services from your personal device, your employer can log those individual connections even if they don‘t see your full browsing history. For example, if you log into your company Gmail or Salesforce account from home, those specific logins could be visible to your employer.
-
Browser extensions and plugins installed on a personal device could share your browsing data with your employer in some cases. If you install a browser extension developed by your company or one that syncs data to a company account, that extension may transmit your web history to your employer. Be cautious about what extensions you enable and what permissions you grant them.
-
If you use Apple services like iCloud and Find My Mac with your personal Apple ID, your browsing history may be synced across devices.[^7] If you also use your Apple ID on a work device, that could allow your employer to access your iCloud browsing history from your personal devices. To avoid this, use different Apple IDs for work and personal devices.
-
Employers can still monitor your public social media regardless of what devices or networks you use. According to a 2020 Harris Poll, 70% of employers screen job candidates‘ social media profiles.[^8] Assume that anything you post publicly could be seen by current or prospective employers. Adjust your social media privacy settings if needed.
Following these best practices will minimize the chances of unintentional browsing data leakage from your personal devices. macOS also includes several built-in privacy protections that can help keep your personal browsing data local to your Mac.
Securing Your Personal Mac Against Employer Monitoring
Macs have a number of advantages over Windows PCs when it comes to preventing employer surveillance on personal devices. For one, macOS is a closed-source operating system that is more locked down against unauthorized changes by default compared to Windows.
The macOS sandboxing model isolates individual apps in their own containers to limit access to system resources. Safari also runs webpage content in a separate sandboxed process which makes it harder for browser extensions to access browsing data.[^9]
To further shore up your Mac‘s privacy and security, consider these tips:
-
Keep your Mac updated to the latest version of macOS. New releases often include security fixes for known vulnerabilities that could be exploited by monitoring software.
-
Enable FileVault full-disk encryption to protect your data at rest. Go to System Preferences > Security & Privacy > FileVault to turn it on.
-
Review your Mac‘s default app permissions under System Preferences > Security & Privacy > Privacy. Uncheck any employer apps and services. Be judicious about what third-party apps you allow to access your location, contacts, calendars, and other sensitive data.
-
Disable Remote Management and Screen Sharing under System Preferences > Sharing if they are not needed. These features could potentially be abused for remote monitoring.
-
Use a separate user account on your Mac for work. This keeps your work and personal files, preferences, and browsing history isolated. Your employer‘s MDM can only manage and monitor the designated work user profile on a personal Mac.[^2]
-
Consider using a VPN to encrypt your internet traffic and hide your browsing activity from your ISP. Your employer still won‘t be able to see your browsing history if you use a VPN on your home network. Well-regarded Mac VPN clients include ExpressVPN, NordVPN, and ProtonVPN.
Macs have strong privacy protections out-of-the-box, but it‘s still important to be proactive about securing your personal devices against potential employer tracking. A few basic precautions can go a long way in keeping your personal browsing private.
The Ethics of Employee Monitoring
The rise of remote work has led to more companies adopting employee tracking software. Demand for employee monitoring tools surged 58% in April 2020 alone.[^10] But this practice raises thorny ethical questions about where the boundary between work and personal digital life should be drawn.
Employee monitoring is ostensibly done to improve productivity and security. But it can also breed resentment, stress and distrust in workers. A Harvard Business Review study found that employees who know they are being monitored at work are more likely to experience anxiety, depression and physical ailments.[^11]
There are also risks of these monitoring systems being abused. Over 71% of people with access to employee monitoring data have used it for unintended purposes, according to a survey by security firm GetApp.[^12] This included snooping on employees for personal reasons and even stalking them outside of work.
Employers must balance their legitimate needs for oversight with employees‘ fundamental right to privacy. If monitoring is deemed necessary, companies should practice transparency by disclosing exactly what is tracked and how the data is used. Employees should have access to the data collected about them and a process to dispute inaccurate records. Clear limits need to be set on tracking outside of work hours.
As the lines between office and home blur, the privacy implications of employee monitoring grow more complex. Workers need to be aware of what their employers can and cannot see. At the same time, companies should strive to protect employee privacy as much as possible while still meeting legitimate business needs. Having open and honest conversations about employee tracking is key.
The Bottom Line
So in summary: your employer likely cannot see your internet browsing history on your personal computer and home network without your consent. But they can track your online activity anytime you are using a company-owned device or logged into the company network remotely.
To protect your privacy while working from home, keep your work and non-work browsing as separate as possible. Don‘t do personal browsing on corporate devices or networks. Be mindful of what personal information you share with employer apps and services.
On your own devices, you have much more control over your data and privacy. But it‘s still a good idea to follow best practices like using strong passwords, keeping your software up-to-date, and leveraging your operating system‘s built-in security and privacy features. Consider using a VPN for an added layer of encryption.
The world of remote work is still evolving rapidly. Employers are adapting their policies and practices for this new distributed environment. Employees must adapt as well by proactively protecting their own privacy. Knowing what can and cannot be tracked is the first step. Hopefully this guide has given you a clearer picture of where things stand.
Of course, privacy expectations and employee monitoring practices vary between organizations. When in doubt, check with your manager or IT department on your company‘s specific policies. Stay informed and stay safe out there!
[^1]: Gartner Survey Reveals 82% of Company Leaders Plan to Allow Employees to Work Remotely Some of the Time
[^2]: Mobile device management (MDM) settings for IT in macOS)
[^3]: The Boss Is Watching: Work-From-Home Boom Leads To More Surveillance
[^4]: Employee Monitoring Is on the Rise
[^5]: Key takeaways on how Americans view privacy issues
[^6]: Electronic Communications Privacy Act of 1986
[^7]: iCloud security overview
[^8]: Job Seekers, Beware: 70% Of Employers Are Snooping Candidates‘ Social Media Profiles
[^9]: About the security content of Safari 13.1
[^10]: Employee surveillance software demand increased as workers transitioned to home working
[^11]: Is Employee Surveillance About to Get More Invasive?
[^12]: Employee Monitoring: How Much Is Too Much?